Modified on March 5, 2026 to remove the “subscribe” option. This blog has been retired and replaced by the S.P.I.R.I.T. newsletter.
Eager to skip ahead to today’s topic?
Jump to the Table of Contents.
Good morning, good afternoon, and good evening, Compliance Rockstars, Clinical Research Professionals, Ethics Enthusiasts, Legal Experts, and Investigators!
330+ subscribers and counting!
Authored By: Tasha Mohseni
Wow, what a busy start to the new year!
I always think each new year should begin with pause and planning. Planning for personal and professional goals. Planning for family trips. Just planning in general. However, it already feels like I’m in the 2026 hamster wheel. You would think I’d be used to this by now, but I suppose not.
Let’s dive into today’s topic!
I’m going to cover select recent developments within HHS and its agencies including:
- Food and Drug Administration (FDA)
- National Institutes of Health (NIH)
- Office of Research Integrity (ORI)
As a general reminder, any legal information discussed within this post should be discussed with your institution.
Public comment requested on the adoption and use of AI in clinical care
The Department of Health and Human Services (HHS) issued a Request for Information (RFI) on accelerating the adoption and use of AI in clinical care. Public feedback will inform HHS-wide use of three different approaches: regulation, reimbursement, and research & development. Specifically, HHS seeks concrete, experience-based feedback from those building, buying, evaluating, using, and receiving care from AI tools that are part of clinical care as well as from those who wish to do so but face barriers. The RFI has a 60-day comment period from when the notice was first issued.
HTI-5 Proposed Rule announcement
HHS, via the ASTP/ONC, released the HTI-5 Proposed Rule. A central component of the HTI-5 Proposed Rule is streamlining the ONC Health IT Certification Program. The HTI-5 Proposed Rule also includes updates to the information blocking regulations. Drawing from stakeholder feedback, the proposal edits definitions and adjusts several exceptions to reduce the potential for misuse and to strengthen HHSโs ability to ensure patient access to electronic health information. The Proposed Rule will be open for public comment for 60 days upon publication in the Federal Register.
(Back to the Contents)
HHS grand AI strategy
HHS released a comprehensive AI strategy designed to transform how the agency operates, serves the public, and accelerates innovation across health, human services, and public health. This marks a significant milestone in HHSโs efforts to harness AI responsibly and effectively to improve outcomes for all Americans. This framework that expands the responsible use of AI throughout the Department and aligns with broader federal directives to modernize government operations and innovation. Further, the strategy centers on a OneHHS approach uniting AI priorities and governance across all HHS agencies. The plan is built upon five main pillars:
- Ensure governance and risk management for public trust
- Design infrastructure and platforms for user needs
- Promote workforce development and burden reduction for efficiency
- Foster health research and reproducibility through gold standard science
- Enable care and public health delivery modernization for better outcomes
As part of this initiative, HHS published its AI Compliance Plan in late 2025. This plan implements the requirements of the Office of Management and Budgetโs (OMB) Memoranda M-25-21 and M-25-22, which directs federal agencies to accelerate the safe, innovative, and trustworthy use of AI. The Compliance Plan focuses on three areas:
- Encouraging public trust by promoting transparency and accountability in AI use
- Driving innovation via removal of barriers and enabling efficient adoption of AI
- Placing AI governance at the forefront by establishing policies, inventories, and oversight processes across HHS Divisions
Top FDA drug regulator Pazdur retires, Hรธeg takes his place in CDER
The FDA continues to switch up the game with grand regulatory changes. STAT first reported Richard Pazdurโs retirement from the FDAโs Center for Drug Evaluation and Research (CDER) just weeks after acceptance. FDA Commissioner Dr. Marty Makary first appointed Pazdur mid-November calling him a true regulatory innovator. Though his departure appeared abrupt, itโs not necessarily a shock. CNN reported that Pazdur initially turned down the CDER appointment primarily because of his strained relationship with Dr. Vinay Prasad.
Years prior, Prasad openly criticized Pazdur in a blog post stating, โFrankly Rick Pazdur has exerted his will over the FDA and has done a catastrophically bad job.โ
There was speculation as to whether Pazdurโs retirement is connected to a leaked memo from Prasad. In this memo, Prasad claimed that the COVID-19 vaccine caused the death of 10 children. Further, within the memo, Prasad called for stricter vaccine regulation. A group of former FDA Commissioners gathered to express their deep concerns of this new framework in the New England Journal of Medicine. In a matter of days, the FDA moved quickly to appoint Dr. Tracy Beth Hรธeg as the CDER acting director.
GAO calls for action in medical device recall oversight limitations
The Government Accountability Office (GAO) recently published a report on the FDAโs medical device recall process. The FDA monitors the safety of approximately 200,000 medical devices. From 2020 to 2024, the GAO reported that nearly 4,000 of these devices needed to be recalled. Using recalled medical devices can lead to serious injury, death, or other adverse effects.
FDA’s oversight of the recall process includes reviewing manufacturers’ recall plans and verifying that recalls were carried out according to plan.
Gaps in this oversight process not only magnify inefficiencies, but also places patients at risk. The ramifications of using recalled devices include the potential for serious injury or death. FDAโs oversight of medical products, including devices, has been on GAOโs high-risk list since 2009.
QSMR amended to align with revised ISO 13485:2016
In February 2026, the FDA will begin enforcing the Quality Management System Regulation (QMSR). This replaces the Quality System Regulation (QSR) under 21 CFR 820 and is aligned with the international standard specific for medical device quality management systems set by the International Organization for Standardization (ISO) ISO 13485:2016. The December 2025 technical amendments are purely administrative revisions made by the FDA to align 21 CFR 820 with the QMSR framework.
- The QMSR harmonizes key areas of a device manufacturerโs Quality Management System (QMS) and more closely aligns the U.S. with many other regulatory authorities around the world.
- Further, this action promotes consistency in the regulation of devices and provides a timelier introduction of safe, effective, high-quality devices for patients.
Organizations can start communications early with key stakeholders to facilitate the understanding of shifting from QSR to QMSR. If your organization currently implements ISO 13485, they should review for any potential compliance gaps from the FDA QMSR (e.g., additional requirements or documentation). After gap analysis is performed, organizations can create training materials to educate staff. Further, any templates used to review for medical device studies should be updated for terminology changes from QSR to QMSR.
RFI on harmonizing NIH research participant data policies
The NIH issued a RFI inviting public input on a significant proposal to harmonize and improve how human research participant data are protected and shared across NIH policies. This initiative reflects NIHโs commitment to responsible data stewardship. Under NOT-OD-26-023, NIH proposes to:
- A new NIH Controlled-Access Data Policy to support the research community in fulfilling NIH data sharing expectations
- This policy specifies human participant data types required to be managed via controlled-access and provides criteria for assessing the need for controls for other data types
- To revise the NIH Genomic Data Sharing (GDS) Policy to reduce duplicate policy requirements and improve overall performance with respect to human genomic data only
NIH welcomes comments with respect to:
- Whether the proposed data types requiring controlled access are appropriate
- Suggested additions or modifications to definitions or criteria
- Practical considerations for implementation
- Views on the proposed scope of the revised GDS Policy
Recent statement from NIH Director Bhattacharya on engaging the public as clinical research partners
The NIH director issued a statement titled โRoadmap for Engaging the Public as Partners in Clinical Research,โ which signals a new era of participation, transparency, and shared ownership in the research. The roadmap reflects recommendations from the Novel and Exceptional Technology and Research Advisory Committee (NExTRAC) and its ENGAGE Working Group, which spent several years consulting experts and communities nationwide to identify ways to integrate public voices at every stage of clinical research. This includes:
- Helping interpret and disseminate results in ways that matter to peopleโs lives
- Designing research questions that align with community priorities
- Advising on recruitment strategies and study plans
A cornerstone of this initiative is transparency about how clinical research data are used and shared. To support transparency, NIH is establishing agency-wide principles to foster, promote, and guide the responsible conduct of research using clinical data. The eight priniciples are as follows:
- Leveraging existing infrastructure to promote access and improve efficiencies in cost and resources is a NIH-wide priority
- Demonstrating respect for persons is a core NIH value when considering research uses of clinical data
- Ensuring responsible stewardship of data is an essential component of demonstrating respect for persons
- Recognizing the needs of the communities from which the data are collected and generated is imperative to respectful collaboration or partnerships on using clinical data for research
- Fostering and maintaining public trust necessitates ongoing transparency regarding uses of clinical data for research and communication of the potential benefits and risks of such research
- Promoting quality of EHR data that is beneficial for both clinical and research use should be accompanied by a recognition that data in the EHR was collected specifically for clinical use
- Deciding to use clinical data for research purposes requires ongoing consideration of the risks and benefits, NIHโs unifying principles, and the core principles captured in current laws, policies, and regulations
- Ensuring that policies and decision-making processes regarding the use of clinical data for research purposes are designed to adapt to rapidly changing technical, social, ethical, and regulatory landscapes is essential
New NIH research security training requirement
The NIH implemented research security training requirements as outlined in the CHIPS and Science Act of 2022. Several federal agencies including the NSF and DOE are implementing training requirements that address cybersecurity, international collaboration, foreign interference, and rules for proper use of funds, disclosure, conflict of commitment, and conflict of interest. This initiative safeguards U.S. scientific research.
The NSF, in partnership with the NIH, the DOE, and DOD, have created four online research security training (RST) modules as a resource for organizations to fulfill this requirement. The condensed RST module is designed to meet the government-wide RST requirement in the CHIPS and Science Act of 2022. To that end, NSF, NIH, DOE, DOD, and USDA all recognize completion of the condensed module as compliant with their respective RST requirements.
Completion of this training as well as individual and institutional certifications will be effective for applications submitted for due dates on or after May 25, 2026. Organizations can ensure this requirement is communicated to investigators engaged in NIH-funded research. They can ensure covered individuals (those defined as senior/key personnel) listed on the grant certify completion of this training within 12 months of the date of application submission. Note that covered individuals may be defined differently depending on the specific federal agency.
New ORI Final Rule Guidance Documents Released
The Office of Research Integrity (ORI) released a new set of guidance documents to support institutions preparing for the implementation of the 2024 Final Rule on Public Health Service (PHS) Policies on Research Misconduct. These resources are designed to help institutions better understand and comply with the updated regulations, which became effective January 1, 2026. New topic-specific guidance documents released include:
- Institutional Records (pdf): This document is designed to assist institutions in producing a complete institutional record including reports, interviews, research records, and other documents and information compiled during a research misconduct proceeding.
- Research Records (pdf): This document describes the wide range of research records and other evidence that may be needed to complete a research misconduct proceeding.
- Multiple Institutions (pdf): This guidance document is intended to help institutions navigate research misconduct proceedings involving multiple institutions.
I hope this post brought you up to speed on some recent actions from the HHS and its agencies!
Leave a Reply